BACKGROUND OF THE INVENTION

Technical Field 

This invention relates to the field of computer audio user interfaces and more 
particularly to a system and method for performing secured communications between a 
voice browser and a server. 

Description of the Related Art 

Privacy in data communications has become a significant issue with the 
exponential increase in e-commerce transactions on the Internet. Typically a client 
computer and server computer require that exchanged information remain private to 
both parties. For instance, in an online banking transaction, the client requires that the 
sharing of the client's account number and password include only the intended bank 
and no other party. Presently, privacy in data transactions can be secured only in 
selected application protocols through the use of security technologies which can
incorporate either asymmetric, symmetric or a combination of asymmetric and 
symmetric encryption algorithms. The Secured Sockets Layer ("SSL") protocol 
represents one such security technology which incorporates both asymmetric and 
symmetric encryption algorithms. 

SSL is a transport-layer protocol that can be established between a client and a 
server. SSL is typically integrated directly with selected underlying application 
protocols. For example, the Hypertext Transfer Protocol ("HTTP") has been 
successfully integrated with SSL. Specifically, HTTP packets are encapsulated in SSL 
packets and are transported over TCP/IP. HTTP integrated with SSL is commonly
referred to as "HTTPS" and can be used to securely view and exchange Web-based 
content encoded in hypertext markup language ("HTML"). Other protocols integrated 
with SSL include Telnet, the File Transfer Protocol ("FTP"), the Lightweight Directory 
Access Protocol ("LDAP"), the Internet Message Access Protocol ("IMAP"), and the 
Network News Transfer Protocol ("NNTP"). 

SSL is intended to provide a secure pipe between a client and a server. SSL is 
session-oriented and can maintain state, despite the execution of SSL over such
protocols as HTTP which, in and of itself, is stateless. Finally, SSL provides privacy through
encryption, both asymmetric and symmetric, authentication based upon certificates, a 
vehicle for authorization through SSL's support for certificates, integrity by incorporating 
hash functions, and digital signing as part of the transport protocol. 

Briefly, in an SSL compliant visual Web browser executing the "HTTPS" protocol, 
an SSL session can be established when a client selects a uniform resource locator 
("URL") referencing a server compliant with the HTTPS protocol. The server can 
respond by delivering to the client, an X.509 certificate containing a distinguished name 
referencing a Certificate Authority ("CA") and a public key. The client can examine the 
server certificate by referencing the issuing CA and can verify the integrity of the server 
certificate if the issuing CA is configured in the visual Web browser as trustworthy. 
Subsequently, the server can perform optional client authentication by requesting a 
certificate from the client. The server, too, can examine the client certificate by 
referencing the issuing CA and can verify the integrity of the client certificate if both the 
client and the issuing CA are configured in the server as trustworthy. If the server 
successfully authenticates the client certificate, the SSL session can continue. 
Otherwise, the session can be terminated.

Subsequently, the client can "challenge" the server using asymmetrical 
encryption technology in order to verify that the server indeed possesses the private 
key associated with the public key contained in the server certificate. In challenging the 
server, the client can generate a random string of data and can encrypt the random 
string of data using the server's public key contained in the server certificate. The client 
can transmit the encrypted data to the server and can request that the server deliver 
the data to the client. In order to deliver the data to the client, however, the server first 
must decrypt the data using the server's private key which corresponds to the server's 
public key contained in the server certificate. Optionally, the server, too, can challenge 
the client using a similar exchange of encrypted data. 

Once the client and server have been mutually authenticated, the client and the
server can agree upon a shared secret for use in future symmetrical encryption and 
decryption operations. Typically, the client can select the secret and encrypt the 
selected secret using the server's public key. The client can transmit the 
asymmetrically encrypted secret to the server so that only the client and the server 
share the common secret. When both the client and the server have agreed upon the 
shared secret, symmetrical data transfer can begin between the client and the server 
using the shared secret as the key to the symmetrical encryption and corresponding 
decryption operations. Notably, a more thorough treatment of the SSL protocol has 
been published by Netscape Communications Corporation of Mountain View, California 
in Freier, Karlton, Kocher, The SSL Protocol Version 3.0 (Netscape Communications 
Corp. March 1996), incorporated herein by reference. Additionally, an SSL 3.0 
compatible standard has been approved by the Internet Engineering Task Force 
("IETF") and has been published by the IETF as Dierks & Allen, RFC2246 - The TLS 
Protocol Version 1.0 (IETF January 1999), incorporated herein by reference. 

Unlike visual Web browsers executing the HTTPS protocol, SSL has not been 
integrated with Voice Browsers. Generally, a Voice Browser, unlike a visual Web 
browser, does not permit a user to interact with Web-based content visually. Rather, a 
Voice Browser, which can operate in conjunction with a Speech Recognition Engine 
and Speech Synthesis Engine, can permit the user to interact with Web-based content 
audibly. That is, the user can provide voice commands to navigate from Web-based 
document to document. Likewise, Web-based content can be presented to the user 
audibly, typically in the form of speech synthesized text. Thus, Voice Browsers can 
provide voice access and interactive voice response to Web-based content and 
applications, for instance by telephone, personal digital assistant, or desktop computer. 

Significantly, Voice Browsers can be configured to interact with Web-based 
content encoded in VoiceXML. VoiceXML is a markup language for distributed voice 
applications based on Extensible Markup Language ("XML"), much as HTML is a markup
language for distributed visual applications. VoiceXML is designed for creating audio
dialogs that feature synthesized speech, digitized audio, recognition of spoken and 
Dual Tone Multifrequency ("DTMF") key input, recording of spoken input, telephony, 
and mixed-initiative conversations. Version 1.0 of the VoiceXML specification has been 
published by the VoiceXML Forum in the document Linda Boyer, Peter Danielsen, Jim 
Ferrans, Gerald Karam, David Ladd, Bruce Lucas and Kenneth Rehor, Voice 
extensible Markup Language (VoiceXML™) version 1.0, (W3C May 2000), 
incorporated herein by reference. Additionally, Version 1.0 of the VoiceXML
specification has been submitted to the World Wide Web Consortium by the VoiceXML 
Forum as a proposed industry standard. 

Version 1.0 of the VoiceXML specification provides a high-level programming
interface to speech and telephony resources for application developers, service
providers and equipment manufacturers. As noted in the W3C submission, standardization
of VoiceXML will simplify creation and delivery of Web-based, personalized interactive 
voice-response services; enable phone and voice access to integrated call center 
databases, information and services on Web sites, and company intranets; and help 
enable new voice-capable devices and appliances. Still, the VoiceXML specification 
lacks a mechanism for secure communications through encrypted network 
transmissions via the SSL protocol over the TCP/IP protocol. Accordingly, what is 
needed is a Voice Browser incorporating SSL support for performing secure 
communications in a data communications network. 

SUMMARY OF THE INVENTION

The present invention is a Voice Browser for processing VoiceXML encoded 
Web content through a secure connection established using symmetric and asymmetric 
encryption techniques. In the preferred embodiment, the symmetric and asymmetric 
encryption techniques are included in a Java implementation of the SSL 3.0 protocol for 
providing secure communications through encrypted network transmissions between a 
VoiceXML-compliant Voice Browser Server and a network device. Specifically, the 
method of the present invention can authenticate the network device and negotiate a 
shared secret between the client and the server using asymmetrical encryption 
techniques. Subsequently, the method of the present invention can facilitate secure 
communications between the client and the server of data in a VoiceXML document 
using symmetrical encryption techniques. 

The method of the invention can include the steps of transmitting a request to the 
network device to establish a secured communication session between the Voice 
Browser and the network device and authenticating the network device. Subsequent to 
the authentication, a shared secret can be negotiated between the network device and 
the Voice Browser. Once a shared secret has been negotiated, VoiceXML-based Web 
content can be encrypted using the shared secret as an encryption key. Additionally, 
the encrypted VoiceXML-based Web content can be exchanged between the network 
device and the Voice Browser. Finally, the VoiceXML-based Web content can be 
decrypted using the shared secret as a decryption key. Significantly, the Voice Browser 
can be a VoiceXML Browser Server. 

The step of authenticating the network device can include transmitting a digital 
certificate from the network device to the Voice Browser and validating the certificate 
authority. The digital certificate can have a public key and a reference to a certificate 
authority. Specifically, the digital certificate can be an X.509-compliant digital 
certificate. Optionally, the method can further include the step of authenticating the 
Voice Browser. The step of authenticating the Voice Browser can include transmitting a 
digital certificate from the Voice Browser to the network device and validating the
certificate authority. As before, the digital certificate can have a public key and a 
reference to a certificate authority. Specifically, the digital certificate can be an X.509- 
compliant digital certificate. 

The step of authenticating the network device can further include the step of 
challenging the network device. Likewise, the step of authenticating the Voice Browser 
can further include the step of challenging the Voice Browser. The step of challenging 
the network device can include encrypting a message using the public key contained in 
the digital certificate; transmitting the encrypted message from the Voice Browser to the 
network device; decrypting the encrypted message using a private key corresponding 
to the public key; and, transmitting the decrypted message to the Voice Browser. 
Similarly, the step of challenging the Voice Browser can include encrypting a message 
using the public key contained in the digital certificate; transmitting the encrypted 
message from the network device to the Voice Browser; decrypting the encrypted 
message using a private key corresponding to the public key; and, transmitting the 
decrypted message to the network device. 

In the preferred embodiment, the negotiating step can include the steps of: 
generating a key for use in a symmetric cryptographic algorithm; encrypting the 
generated key with the public key; transmitting the encrypted key to the network device; 
and, decrypting the key in the network device with a private key corresponding to the 
public key. Alternatively, the negotiating step can include the steps of: generating a 
key for use in a symmetric cryptographic algorithm; encrypting the generated key with 
the public key; transmitting the encrypted key to the Voice Browser; and, decrypting the 
key in the Voice Browser with a private key corresponding to the public key. 

In the preferred embodiment, the method of the present invention can further 
include the steps of: exchanging a list of supported symmetrical cryptographic 
algorithms for the network device and the Voice Browser; selecting a symmetrical 
cryptographic algorithm from the list; and, performing the encrypting and decrypting 
steps using the selected symmetrical cryptographic algorithm.

A method for performing secured communications in a Voice Browser can 
include the steps of: transmitting a request from the Voice Browser to a network device 
for a secure communications session between the Voice Browser and the network 
device; receiving from the network device a digital certificate containing a public key 
and a reference to a certificate authority; and, authenticating the network device based 
on the digital certificate. Preferably, the digital certificate can be an X.509-compliant 
digital certificate. 

Subsequent to the authentication, the method can include the steps of 
negotiating a shared secret with the network device; encrypting data using the shared 
secret as an encryption key and transmitting the encrypted data to the network device; 
and, receiving encrypted Web content from the network device and decrypting the Web 
content using the shared secret as a decryption key. Significantly, the Web content can 
be a VoiceXML document and the Voice Browser can be a VoiceXML Browser Server. 

In the preferred embodiment, the transmitting step can further include the steps 
of: transmitting to the network device a list of supported encryption algorithms for use 
in the encryption and decryption steps. Notably, the network device can select an 
encryption algorithm from among the list. Subsequently, the data can be encrypted 
using the selected encryption algorithm and the Web content can be decrypted using 
the encryption algorithm. 

BRIEF DESCRIPTION OF THE DRAWINGS

There are presently shown in the drawings embodiments which are presently 
preferred, it being understood, however, that the invention is not limited to the precise 
arrangements and instrumentalities shown. 

Fig. 1 is an illustration of the establishment of a secured communications session 
between a Voice Browser and a network device. 

DETAILED DESCRIPTION OF THE INVENTION

The present invention is a Voice Browser enabled to perform secured 
communications with a network device. In particular, the Voice Browser can request a 
secured connection with a network device. Subsequently, the Voice Browser can 
receive a response from the network device in which the network device can 
acknowledge the request of the Voice Browser. Upon receiving the acknowledgment 
from the network device, the Voice Browser can authenticate the network device in 
order to ensure the identity of the network device. If the Voice Browser determines the 
identity of the network device to be authentic, the Voice Browser and the network 
device can select a shared secret to be used as an encryption key during an ensuing 
secured communications session. Finally, the Voice Browser and the network device 
can perform secured communications using the shared secret as an encryption key. 

Advantageously, the secured communications functionality provided to the Voice 
Browser can be the result of the combination of a secured communications interface in 
the Voice Browser and a platform-independent, standards-based implementation of the 
Secured Sockets Layer ("SSL") secured communications protocol. In the preferred 
embodiment, the standards-based, platform-independent implementation of the SSL 
protocol is the SSLite for Java™ SSL implementation library manufactured by IBM 
Corporation of Armonk, New York. A class hierarchy for SSLite is attached hereto in 
Appendix A. Additionally, Javadocs documentation for each class listed in Appendix A
is provided in Appendixes B-E. Specifically, Appendix B describes the class
HttpsURLConnection, Appendix C describes the class HttpsClient, Appendix D 
describes the class HttpsURLStreamHandlerFactory and Appendix E describes the 
class HttpsURLStreamHandler. Still, the invention is not limited in regard to the 
particular secured communications library to be combined with the secured 
communications interface. In particular, the present invention can also incorporate the 
Transport Layer Security ("TLS") protocol defined by the Transport Layer Security 
Working Group of the Internet Engineering Task Force, the Kerberos protocol 
developed by the Massachusetts Institute of Technology, or other suitable secured
communications protocols. 

Figure 1 illustrates a simplified approach to SSL secured communications 
between a Voice Browser and a network device. As shown in Figure 1, for an
SSL connection to become established between the Voice Browser and the network
device, an SSL handshake is first performed. Specifically, the Voice Browser can transmit
to the network device a "client hello" message. The client hello message can include a 
request for a connection with the network device in addition to the capabilities of the 
client, for example the preferred secured communications protocol, the cipher suites 
available to perform encryption and supported data compression methods. The 
network device can acknowledge the client hello message with a "server hello" 
message which can include a cipher suite selected from the cipher suites listed in the 
client hello message, and a compression method selected from the list of supported
compression methods. Notably, if the network device is unable to support any of the
encryption algorithms contained in the cipher suite provided by the Voice Browser, the 
network device can notify the Voice Browser that the handshake attempt has failed. 
Subsequently, the connection between the Voice Browser and the network device can 
be closed. 

Still, if the handshake attempt is successful, the network device can transmit to the
Voice Browser a digital certificate which can contain the network device's public key in 
addition to a reference to a certificate authority which acts as a trusted repository for 
digital certificates. The Voice Browser can authenticate the digital certificate by 
verifying that the certificate authority is a trusted repository of digital certificates. If the 
Voice Browser can successfully authenticate the certificate authority, a secure 
connection can be established. Notably, the network device can optionally authenticate 
the Voice Browser in the same manner as the Voice Browser authenticates the network device.
Notwithstanding, mutual authentication is not required in the present invention and the 
scope of the present invention is not to be limited in this regard. 

Once the authentication process has been completed, the Voice Browser can
transmit a "ClientKeyExchange" message to the network device. Specifically, the 
ClientKeyExchange message is a shared secret which has been encrypted using the 
public key of the network device, received in the digital certificate of the network device. 
The shared secret can be a randomly generated key for use in a symmetrical 
encryption algorithm. Despite the generation of the random key, however, the network 
device still preferably verifies that an identical key is not already in use with another 
client, be it another Voice Browser or other client application. If the network device 
determines that the key is already in use, the network device can notify the Voice 
Browser that another key must be generated. Notably, the invention is not limited in 
regard to the mechanism for generating a key. Rather, the key can be predetermined 
and stored in a database, generated according to a pre-defined algorithm, or other 
suitable key generation or key selection method. 

When the Voice Browser and the network device have agreed upon a shared 
secret, specifically a common symmetric key for encrypting subsequent
communications, both the Voice Browser and the network device can exchange a 
"ChangeCipherSpec" message confirming that both are ready to begin secured 
communications. Subsequently, the Voice Browser and the network device can begin 
secure communications using a symmetrical encryption algorithm with the shared 
secret as the encryption key. 
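
The ClientKeyExchange and symmetric phase described above, as an added Java example using the standard JCA/JCE API; it is not code from the patent or from SSLite. RSA-OAEP, AES-GCM, the class and method names and the VoiceXML sample are choices made for this example, and RSA key transport of this kind gives no forward secrecy and was removed in TLS 1.3.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class KeyTransportDemo {
    // Algorithm choices are assumptions of this example, not taken from the patent.
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_GCM = "AES/GCM/NoPadding";
    private static final int IV_LEN = 12;
    private static final SecureRandom RNG = new SecureRandom();
    // Network device's record of symmetric keys already in use, kept as SHA-256 digests.
    private static final Set<String> KEYS_IN_USE = new HashSet<>();

    // Voice Browser side: encrypt the shared secret with the public key from the certificate.
    static byte[] wrapKey(SecretKey secret, PublicKey devicePublic) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.ENCRYPT_MODE, devicePublic);
        return rsa.doFinal(secret.getEncoded());
    }

    // Network device side: recover the secret and refuse one that another client already uses.
    static SecretKey unwrapKey(byte[] payload, PrivateKey devicePrivate) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, devicePrivate);
        byte[] raw = rsa.doFinal(payload);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(raw);
        if (!KEYS_IN_USE.add(Base64.getEncoder().encodeToString(digest))) {
            throw new IllegalStateException("key already in use, another key must be generated");
        }
        return new SecretKeySpec(raw, "AES");
    }

    // Symmetric phase: returns a fresh random IV followed by ciphertext and authentication tag.
    static byte[] seal(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(plaintext);
        byte[] record = new byte[IV_LEN + body.length];
        System.arraycopy(iv, 0, record, 0, IV_LEN);
        System.arraycopy(body, 0, record, IV_LEN, body.length);
        return record;
    }

    // Throws AEADBadTagException if the record was modified in transit.
    static byte[] open(SecretKey key, byte[] record) throws Exception {
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, record, 0, IV_LEN));
        return aes.doFinal(record, IV_LEN, record.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        // Network device key pair; the public half would arrive in its X.509 certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair device = kpg.generateKeyPair();

        // Voice Browser generates the random shared secret and sends it encrypted.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey browserKey = kg.generateKey();
        byte[] clientKeyExchange = wrapKey(browserKey, device.getPublic());
        SecretKey deviceKey = unwrapKey(clientKeyExchange, device.getPrivate());

        // Constructed VoiceXML sample, sent from the network device to the Voice Browser.
        String vxml = "<vxml version=\"1.0\"><form><block>Balance on request</block></form></vxml>";
        byte[] record = seal(deviceKey, vxml.getBytes(StandardCharsets.UTF_8));
        System.out.println("decrypted: " + new String(open(browserKey, record), StandardCharsets.UTF_8));

        // A single flipped bit in transit is detected by the authentication tag.
        record[record.length - 1] ^= 0x01;
        try {
            open(browserKey, record);
            System.out.println("tampered record accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered record rejected");
        }

        // Presenting the same secret again is refused by the in-use check.
        try {
            unwrapKey(clientKeyExchange, device.getPrivate());
        } catch (IllegalStateException e) {
            System.out.println("second use refused: " + e.getMessage());
        }
    }
}
```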

With regard to the particular implementation of the present invention in which the 
SSL secured communications protocol is combined with the secured communications
interface of the Voice Browser, the SSL secured communications library can contain an 
"HttpsURLConnection" object which can provide methods for performing secured 
communications with HTTP servers. A complete description of the 
HttpsURLConnection class is included in the Javadoc "Class HttpsURLConnection" 
attached hereto as Appendix B. As is apparent from the class hierarchy of Appendix A, 
the HttpsURLConnection class is derived from the Java extension HttpURLConnection. 
Accordingly, the class HttpsURLConnection is a platform-independent, standards-
based implementation of the SSL protocol. 

The following is a source code listing for a preferred interface between the Voice
Browser and the secured communications protocol, specifically SSL. As is apparent
from the source code, the following steps are minimally performed in order to establish
a secured connection to a network device. First, a URL object is defined and
instantiated for a fully-qualified URL. Concurrently, a stream handler is established for
handling data streams received from the fully-qualified URL. Second, an unsecured
connection is established with a network device addressed by the URL in which the
symmetrical encryption algorithm can be specified in addition to the compression
method. Also, the authentication process can be performed and a shared secret
negotiated. Third, a secure connection can be established using the shared secret as a
key to the selected encryption method.

import java.io.*;
import java.util.*;
import java.net.*;
import com.ibm.speech.net.www.protocol.https.*;

//begin class VoiceXMLBrowserServer
public class VoiceXMLBrowserServer
{
    public static void main(String args[])
    {
        try
        {
            String fullQualURL = new String("https://www.ibm.com/software/speech/vxmlpage.vxml");
            URL url;
            //Register the SSL library's stream handler for "https" URLs
            URL.setURLStreamHandlerFactory(new HttpsURLStreamHandlerFactory());
            //Create file for inputstream dump
            FileOutputStream fout = new FileOutputStream("fetched.vxml");
            //Create URL object
            url = new URL(fullQualURL);
            //Setup Connection
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

            //SSL Implementation Specific API Extensions.
            //Optional usage, defaults included with implementation distribution
            //(Documented usage in Javadoc API definition)
            conn.setKeyRingDatabase("ralvs6"); //Set keyring database to use.
                                               //Default is specified as provided with implementation.
            conn.setTimeout(3); //Set connection timeout in seconds.
            conn.setAsyncConnections = true; //Set SSL messages to be processed asynchronously
                                             //by a dedicated thread.
            conn.setEnabledCompressionMethods("IBM_ZIP_SPEED"); //Set compression method.
            //Set enabled cipher suites (Encryption Algorithms)
            conn.setEnabledCipherSuites("SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA");

            //HttpURLConnection API (Standard Java platform networking API)
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setRequestProperty("accept", "text/vxml");

            //initiate secure connection
            conn.connect();

            //Get inputstream and do something with it
            if (conn.getInputStream() != null)
            {
                BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                String line;
                while ((line = in.readLine()) != null)
                {
                    line = line + "\n";
                    fout.write(line.getBytes());
                }
            }
            //Flush and close the dump file
            fout.close();

            //Close connection
            conn.disconnect();
        }
        catch (Exception e)
        {
            System.out.println("Error: " + e.getMessage());
            e.printStackTrace();
        }
    }
}
//end class VoiceXMLBrowserServer
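
The listing enables only two RC4-based cipher suites. The following added example (not part of the patent or of SSLite) uses the standard javax.net.ssl API to report why those suites are weak by current standards and to model the server hello selection described in the handshake discussion, including the handshake failure when no offered suite is acceptable. The class name, the constructed modern offer, the weakness rules and the use of the local JVM's default suites as a stand-in for the network device are assumptions of this example.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class CipherSuiteAudit {
    // The two suites passed to setEnabledCipherSuites() in the listing.
    static final List<String> LISTING_OFFER =
            List.of("SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA");
    // Constructed sample of a current client offer (assumption of this example).
    static final List<String> MODERN_OFFER =
            List.of("TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Name-based rules covering the properties relevant to the listing's suites.
    static List<String> weaknesses(String suite) {
        List<String> found = new ArrayList<>();
        if (suite.contains("_RC4_")) {
            found.add("RC4 stream cipher, prohibited in TLS by RFC 7465");
        }
        if (suite.endsWith("_MD5")) {
            found.add("MD5-based message authentication");
        }
        if (suite.startsWith("SSL_RSA_WITH_") || suite.startsWith("TLS_RSA_WITH_")) {
            found.add("RSA key transport, no forward secrecy");
        }
        return found;
    }

    // Server hello model: the first suite in the client's list that the server has enabled.
    // An empty result corresponds to the failed handshake and closed connection.
    static Optional<String> negotiate(List<String> clientOffer, Set<String> serverEnabled) {
        return clientOffer.stream().filter(serverEnabled::contains).findFirst();
    }

    static void report(String label, List<String> offer, Set<String> serverEnabled) {
        System.out.println(label);
        for (String suite : offer) {
            List<String> found = weaknesses(suite);
            System.out.println("  " + suite + " -> "
                    + (found.isEmpty() ? "no rule matched" : String.join("; ", found)));
        }
        System.out.println("  server hello: "
                + negotiate(offer, serverEnabled).orElse("handshake failure, no common cipher suite"));
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the network device: the suites this JVM enables by default.
        Set<String> serverEnabled = new HashSet<>(Arrays.asList(
                SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites()));
        report("Offer from the listing", LISTING_OFFER, serverEnabled);
        report("Constructed modern offer", MODERN_OFFER, serverEnabled);
    }
}
```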



The preferred design and implementation of the present invention can be 
performed entirely in the Java programming language so as to avoid platform 
dependencies. As such, the preferred design and implementation of the present
invention is an "Optional Package". Optional packages, formerly known as "standard"
extensions or "extensions" are packages of Java classes and associated native code 
that application developers can use to extend the functionality of the core platform. The 
extension mechanism allows a Java virtual machine (VM) to use the optional-package 
classes in much the same way as the VM uses bootstrap classes. Like bootstrap 
classes, classes in optional packages do not have to be placed on the class path. 
Also, the extension mechanism provides a method for needed optional packages to be 
retrieved from specified URLs when they are not already installed in the Java 2 Runtime 
Environment or Java 2 SDK. 

Optional packages are embodied in JAR files, in which every JAR file is a 
potential optional package. A JAR file can be made to play the role of an optional 
package in two ways: First, by being placed in a special location in the Java 2 Runtime 
Environment or Java 2 SDK directory structure - in which case it is an "installed" 
optional package; and second, by being referenced in a specified way from the 
manifest of the JAR file of an applet or application - in which case it is a "download" 
optional package. When the VM is searching for a class of a particular name, it will first 
look among the bootstrap classes. If it fails to find the desired class there, it will next 
look for the class among any installed optional packages. If it doesn't find the class 
among either the bootstrap classes or the installed optional packages, the VM will 
search among any download optional packages referenced by the application or applet. 
The VM only searches the class path if it fails to find a class among the bootstrap 
classes or optional package classes. 

The preferred embodiment of the present invention provides an abstraction of 
the underlying complicated key exchange, handshake and encrypted data transmission 
associated with secure data communications. In consequence, a Voice Browser in 
accordance with the inventive arrangements can access the abstracted method of the 
present invention through a reference to a library including an implementation of the 
performing secured data communications. Hence, the present invention addresses the
problem of secured communications in a Voice Browser by providing a Voice Browser 
incorporating SSL support for performing secure communications in a data 
communications network. 

The method of the invention can be realized in hardware, software, or a 
combination of hardware and software. Machine readable storage according to the 
present invention can be realized in a centralized fashion in one computer system, or in 
a distributed fashion where different elements are spread across several interconnected 
computer systems. Any kind of computer system or other apparatus adapted for 
carrying out the methods described herein is acceptable. A typical combination of 
hardware and software could be a general purpose computer system with a computer 
program that, when being loaded and executed, controls the computer system such 
that it carries out the methods described herein. The present invention can also be 
embedded in a computer program product which comprises all the features enabling 
the implementation of the methods described herein, and which when loaded in a 
computer system is able to carry out these methods. A computer program in the 
present context can mean any expression, in any language, code or notation, of a set of 
instructions intended to cause a system having an information processing capability to 
perform a particular function either directly or after either or both of the following: (a) 
conversion to another language, code or notation; and (b) reproduction in a different 
material form. 

CLAIMS

1. A method for performing secured communications between a Voice Browser and
a network device, said Voice Browser and network device exchanging VoiceXML-based 
Web content comprising the steps of: 

transmitting a request to the network device to establish a secured 
communication session between the Voice Browser and the network device; 
authenticating the network device; 

subsequent to said authentication, negotiating a shared secret between the 
network device and the Voice Browser; 

encrypting the VoiceXML-based Web content using said shared secret as an
encryption key;

exchanging the encrypted VoiceXML-based Web content between the network 
device and the Voice Browser; and, 

decrypting the VoiceXML-based Web content using said shared secret as a 
decryption key. 

2. The method of claim 1, wherein said step of authenticating the network device
comprises the steps of: 

transmitting a digital certificate from the network device to the Voice Browser, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

3. The method of claim 2, wherein said digital certificate is an X.509-compliant 
digital certificate. 

4. The method of claim 1, further comprising the step of authenticating the Voice
Browser.

5. The method of claim 4, wherein said step of authenticating the Voice Browser
comprises the steps of: 

transmitting a digital certificate from the Voice Browser to the network device, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

6. The method of claim 5, wherein said digital certificate is an X.509-compliant 
digital certificate. 

7. The method of claim 2, wherein said step of authenticating the network device 
further comprises the step of challenging the network device. 

8. The method of claim 5, wherein said step of authenticating the Voice Browser 
further comprises the step of challenging the Voice Browser. 

9. The method of claim 7, wherein said step of challenging the network device 
comprises the steps of: 

encrypting a message using said public key contained in said digital certificate; 
transmitting said encrypted message from the Voice Browser to the network 
device; 

decrypting said encrypted message using a private key corresponding to said 
public key; and, 

transmitting the decrypted message to the Voice Browser. 

10. The method of claim 8, wherein said step of challenging the Voice Browser
comprises the steps of: 

encrypting a message using said public key contained in said digital certificate; 
transmitting said encrypted message from the network device to the Voice 
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Browser; 

decrypting said encrypted message using a private key corresponding to said 
public key; and, 

transmitting the decrypted message to the network device. 



11. The method of claim 1, wherein said negotiating step comprises the steps of:
generating a key for use in a symmetric cryptographic algorithm;
encrypting said generated key with said public key;
transmitting said encrypted key to the network device; and,
decrypting said key in the network device with a private key corresponding to
said public key.



12. The method of claim 1, wherein said negotiating step comprises the steps of:
generating a key for use in a symmetric cryptographic algorithm;
encrypting said generated key with said public key;
transmitting said encrypted key to the Voice Browser; and,
decrypting said key in the Voice Browser with a private key corresponding to said
public key.

13. The method of claim 1, further comprising the steps of:

exchanging a list of supported symmetrical cryptographic algorithms for the
network device and the Voice Browser;

selecting a symmetrical cryptographic algorithm from said list; and,

performing said encrypting and decrypting steps using said selected symmetrical
cryptographic algorithm.

14. The method of claim 1, wherein said Voice Browser is a VoiceXML Browser
Server.

15. A method for performing secured communications in a Voice Browser comprising
the steps of: 

transmitting a request from the Voice Browser to a network device for a secure 
communications session between the Voice Browser and the network device; 

receiving from the network device a digital certificate containing a public key and 
a reference to a certificate authority. 

authenticating the network device based on the digital certificate; 

subsequent to said authentication, negotiating a shared secret with the network 
device; 

encrypting data using said shared secret as an encryption key and transmitting 
said encrypted data to the network device; and, 

receiving encrypted Web content from the network device and decrypting the 
Web content using said shared secret as a decryption key. 

16. The method of claim 15, wherein said transmitting step further comprises the
step of: 

transmitting to said network device a list of supported encryption algorithms for 
use in said encryption and decryption steps, 

said network device selecting an encryption algorithm from among said list. 

17. The method of claim 16, wherein said data is encrypted using said selected
encryption algorithm and said Web content is decrypted using said encryption 
algorithm. 

18. The method of claim 15, wherein said digital certificate is an X.509-compliant
digital certificate. 

19. The method of claim 15, wherein said Web content is a VoiceXML document.

20. The method of claim 19, wherein said Voice Browser is a VoiceXML Browser
Server. 

21. A machine readable storage, having stored thereon a computer program for
performing secured communications between a Voice Browser and a network device, 
said Voice Browser and network device exchanging VoiceXML-based Web content, 
said computer program having a plurality of code sections executable by a machine for 
causing the machine to perform the steps of: 

transmitting a request to the network device to establish a secured 
communication session between the Voice Browser and the network device; 
authenticating the network device; 

subsequent to said authentication, negotiating a shared secret between the 
network device and the Voice Browser; 

encrypting the VoiceXML-based Web content using said shared secret as an 
encryption key; 

exchanging the encrypted VoiceXML-based Web content between the network 
device and the Voice Browser; and, 

decrypting the VoiceXML-based Web content using said shared secret as a 
decryption key. 

22. The machine readable storage of claim 21, wherein said step of authenticating
the network device comprises the steps of: 

transmitting a digital certificate from the network device to the Voice Browser, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

23. The machine readable storage of claim 22, wherein said digital certificate is an 
X.509-compliant digital certificate.

24. The machine readable storage of claim 21, for further causing the machine to
perform the step of authenticating the Voice Browser. 

25. The machine readable storage of claim 24, wherein said step of authenticating 
the Voice Browser comprises the steps of: 

transmitting a digital certificate from the Voice Browser to the network device, 
said digital certificate having a public key and a reference to a certificate authority; and, 
validating said certificate authority. 

26. The machine readable storage of claim 25, wherein said digital certificate is an 
X.509-compliant digital certificate. 

27. The machine readable storage of claim 22, wherein said step of authenticating 
the network device further comprises the step of challenging the network device. 

28. The machine readable storage of claim 25, wherein said step of authenticating 
the Voice Browser further comprises the step of challenging the Voice Browser. 

29. The machine readable storage of claim 27, wherein said step of challenging the 
network device comprises the steps of: 

encrypting a message using said public key contained in said digital certificate; 
transmitting said encrypted message from the Voice Browser to the network 
device; 

decrypting said encrypted message using a private key corresponding to said 
public key; and, 

transmitting the decrypted message to the Voice Browser. 

30. The machine readable storage of claim 28, wherein said step of challenging the 
Voice Browser comprises the steps of:

encrypting a message using said public key contained in said digital certificate; 

transmitting said encrypted message from the network device to the Voice 
Browser; 

decrypting said encrypted message using a private key corresponding to said
public key; and,

transmitting the decrypted message to the network device. 

31. The machine readable storage of claim 21, wherein said negotiating step
comprises the steps of: 

generating a key for use in a symmetric cryptographic algorithm; 
encrypting said generated key with said public key; 
transmitting said encrypted key to the network device; and, 
decrypting said key in the network device with a private key corresponding to 
said public key. 

32. The machine readable storage of claim 21, wherein said negotiating step
comprises the steps of: 

generating a key for use in a symmetric cryptographic algorithm; 
encrypting said generated key with said public key; 
transmitting said encrypted key to the Voice Browser; and, 
decrypting said key in the Voice Browser with a private key corresponding to said 
public key. 

33. The machine readable storage of claim 21, for further causing the machine to
perform the steps of: 

exchanging a list of supported symmetrical cryptographic algorithms for the 
network device and the Voice Browser; 
selecting a symmetrical cryptographic algorithm from said list; and,
performing said encrypting and decrypting steps using said selected symmetrical 
cryptographic algorithm. 

34. The machine readable storage of claim 21, wherein said Voice Browser is a
VoiceXML Browser Server. 

35. A machine readable storage, having stored thereon a computer program for 
performing secured communications in a Voice Browser, said computer program having 
a plurality of code sections executable by a machine for causing the machine to 
perform the steps of: 

transmitting a request from the Voice Browser to a network device for a secure 
communications session between the Voice Browser and the network device; 

receiving from the network device a digital certificate containing a public key and 
a reference to a certificate authority. 

authenticating the network device based on the digital certificate; 

subsequent to said authentication, negotiating a shared secret with the network 
device; 

encrypting data using said shared secret as an encryption key and transmitting 
said encrypted data to the network device; and, 

receiving encrypted Web content from the network device and decrypting the 
Web content using said shared secret as a decryption key. 

36. The machine readable storage of claim 35, wherein said transmitting step further 
comprises the step of: 

transmitting to said network device a list of supported encryption algorithms for 
use in said encryption and decryption steps, 

said network device selecting an encryption algorithm from among said list.

37. The machine readable storage of claim 36, wherein said data is encrypted using
said selected encryption algorithm and said Web content is decrypted using said 
encryption algorithm. 

38. The machine readable storage of claim 35, wherein said digital certificate is an 
X.509-compliant digital certificate. 

39. The machine readable storage of claim 35, wherein said Web content is a 
VoiceXML document. 

40. The machine readable storage of claim 39, wherein said Voice Browser is a 
VoiceXML Browser Server.

ABSTRACT

A method for performing secured communications in a Voice Browser can 
include the steps of: transmitting a request from the Voice Browser to a network device 
for a secure communications session between the Voice Browser and the network 
device; receiving from the network device a digital certificate containing a public key 
and a reference to a certificate authority; and, authenticating the network device based 
on the digital certificate. Preferably, the digital certificate can be an X.509-compliant 
digital certificate. Subsequent to the authentication, the method can include the steps 
of negotiating a shared secret with the network device; encrypting data using the 
shared secret as an encryption key and transmitting the encrypted data to the network 
device; and, receiving encrypted Web content from the network device and decrypting 
the Web content using the shared secret as a decryption key. Significantly, the Web 
content can be a VoiceXML document and the Voice Browser can be a VoiceXML 
Browser Server. 
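
The steps recited in claims 9, 11 and 13 and summarized in the abstract can be traced in a short Java program. This is an added example, not code from the application or from the com.ibm.speech classes of Appendix A: the class name, the algorithm labels and the challenge tag are hypothetical, RSA-OAEP and AES-GCM from the JDK stand in for the algorithms the claims leave unspecified, and validation of the certificate chain (claim 2) is assumed to have succeeded already.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class VoiceBrowserHandshakeSketch {
    static final SecureRandom RNG = new SecureRandom();
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Hypothetical labels for the algorithms this sketch implements; anything else is refused.
    static final List<String> IMPLEMENTED = Arrays.asList("AES_256_GCM", "AES_128_GCM");
    // Hypothetical tag that marks a plaintext as a challenge rather than key material.
    static final byte[] TAG = "VB-CHALLENGE:".getBytes(StandardCharsets.US_ASCII);

    /** Claims 13 and 16: the first entry of the browser's list that the device also supports. */
    static String select(List<String> offered, List<String> deviceSupports) {
        for (String alg : offered) {
            if (deviceSupports.contains(alg) && IMPLEMENTED.contains(alg)) return alg;
        }
        throw new IllegalStateException("no mutually supported algorithm");
    }

    static byte[] rsa(int mode, Key key, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(mode, key);
        return c.doFinal(data);
    }

    /** Device side of claim 9: decrypt and return the message, but only if it carries TAG. */
    static byte[] answerChallenge(Key devicePrivate, byte[] encrypted) throws GeneralSecurityException {
        byte[] msg = rsa(Cipher.DECRYPT_MODE, devicePrivate, encrypted);
        if (msg.length <= TAG.length || !Arrays.equals(Arrays.copyOf(msg, TAG.length), TAG)) {
            throw new SecurityException("not a challenge message");
        }
        return msg;
    }

    /** AES-GCM encryption; the output is a fresh 12-byte IV followed by ciphertext and tag. */
    static byte[] seal(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] open(SecretKey key, byte[] sealed) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the key pair behind the network device's certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair device = kpg.generateKeyPair();

        // Constructed algorithm lists: the 40-bit entry is common to both but never selected.
        String alg = select(Arrays.asList("AES_256_GCM", "AES_128_GCM", "RC4_40"),
                            Arrays.asList("RC4_40", "AES_128_GCM"));

        // Claim 9: the browser encrypts a random challenge and checks the returned plaintext.
        byte[] challenge = Arrays.copyOf(TAG, TAG.length + 32);
        byte[] nonce = new byte[32];
        RNG.nextBytes(nonce);
        System.arraycopy(nonce, 0, challenge, TAG.length, nonce.length);
        byte[] reply = answerChallenge(device.getPrivate(),
                rsa(Cipher.ENCRYPT_MODE, device.getPublic(), challenge));
        if (!MessageDigest.isEqual(challenge, reply)) throw new SecurityException("challenge failed");

        // Claim 11: the browser generates the symmetric key and sends it under the public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(alg.equals("AES_256_GCM") ? 256 : 128, RNG);
        SecretKey browserKey = kg.generateKey();
        byte[] wrapped = rsa(Cipher.ENCRYPT_MODE, device.getPublic(), browserKey.getEncoded());
        SecretKey deviceKey = new SecretKeySpec(rsa(Cipher.DECRYPT_MODE, device.getPrivate(), wrapped), "AES");

        // The device encrypts a constructed VoiceXML document; the browser decrypts it.
        byte[] vxml = "<vxml version=\"1.0\"><form><block>Hello</block></form></vxml>"
                .getBytes(StandardCharsets.UTF_8);
        String received = new String(open(browserKey, seal(deviceKey, vxml)), StandardCharsets.UTF_8);
        System.out.println(alg + ": " + received);
    }
}
```

The challenge tag is there because the same private key answers challenges and unwraps session keys: without it, the device would return the plaintext of any ciphertext it is handed, including a captured wrapped key.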



FIG. 1 (drawing not reproduced): message exchange between the VOICE BROWSER and the NETWORK DEVICE. Labels in the drawing: "Hmm ... I can do full-strength encryption, but this is an export client. I don't do DES, so that only leaves one choice..."; "Hello, let's use RSA_EXPORT_WITH_RC4_40_MD5. Here's my certificate."; RANDOM KEY MATERIAL ENCRYPTED WITH SERVER PUBLIC KEY; GENERATE (on both sides); ChangeCipherSpec; APPLICATION DATA. Bracket labels: UNENCRYPTED RECORD PROTOCOL FOR HANDSHAKE; ENCRYPTED RECORD PROTOCOL FOR DATA.



DOCKET NUMBER: 6169-159 



DECLARATION AND POWER OF ATTORNEY FOR 
PATENT APPLICATION 

As below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name. 

I believe I am are the original, first and sole inventor (if only one name is listed below) or an original, first 
and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is 
sought on the invention entitled 

SECURED ENCRYPTED COMMUNICATIONS IN A VOICE BROWSER 

the specification of which (check one) 
X is attached hereto. 



was filed on 

under Attorney's Docket Number 

as Application Serial No. 

and was amended on (if applicable). 

I hereby state that I have reviewed and understand the contents of the above identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the examination of this application in 
accordance with Title 37, Code of Federal Regulations Section 1.56(a). 

I hereby claim foreign priority benefits under Title 35, United States Code, Section 119 of any foreign application(s)
for patent or inventor's certificate listed below and have also identified below any foreign application for patent or 
inventor's certificate having a filing date before that of the application on which priority is claimed: 

Prior Foreign Application(s) Priority Claimed 

Yes No 

(Number) (Country) (Filing Date) 

Yes No 

(Number) (Country) (Filing Date) 



I hereby claim the benefit under Title 35, United States Code, Section 120 of any United States 
application(s) listed below and, insofar as the subject matter of each of the claims of this application is not 
disclosed in the prior United States application in the manner provided by the first paragraph of Title 35, United 
States Code, Section 112, we acknowledge the duty to disclose material information as defined in Title 37, Code
of Federal Regulations, Section 1.56(a) which occurred between the filing date of the prior application and the 
national or PCT international filing date of this application: 



(Appln. Serial No.) (Filing Date) (Status) 

I hereby declare that all statements made herein of my own knowledge are true and that all statements 
made on information and belief are believed to be true; and further that these statements were made with the 
knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under 
Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the 
validity of the application or any patent issued thereon. 

Express Mail Label No. EK575132635US 




POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorneys and/or agents to
prosecute this application and transact all business in the Patent and Trademark Office connected therewith:

J. Rodman Steele, Jr. Reg. No. 25,931
Gregory A. Nelson Reg. No. 30,577
Joseph W. Bain Reg. No. 34,290
Robert J. Secco Reg. No. 35,667
Stanley Kim Reg. No. 42,730
Mark D. Passier Reg. No. 40,764
Steven Greenberg Reg. No. 44,725

Send correspondence to Gregory A. Nelson, Quarles & Brady LLP, 222 Lakeview Avenue, Fourth Floor, P.O. Box
3188, West Palm Beach, Florida 33402-3188 and direct all telephone calls to Gregory A. Nelson at (561) 653-5000.



FULL NAME OF INVENTOR: Brett Gevaoni

INVENTOR'S SIGNATURE:

DATE:

RESIDENCE: 2S32 NW 69th Terrace
Sunrise, FL 33322

CITIZENSHIP: U.S.A.

POST OFFICE ADDRESS: 2932 NW S9th Terrace
Sunrise, FL 33322

FULL NAME OF INVENTOR: Bruce D. Lucas

INVENTOR'S SIGNATURE:

DATE:

RESIDENCE: 2408 Mill Pond Road
Yorktown Heights, NY 10598

CITIZENSHIP: U.S.A.

POST OFFICE ADDRESS: 2406 Mill Pond Road
Yorktown Heights, NY 10598




APPENDIX A

Class Hierarchy

□ class java.lang.Object
    □ class com.ibm.speech.net.www.protocol.https.HttpsURLStreamHandlerFacto
      (implements java.net.URLStreamHandlerFactory)
    □ class com.ibm.sslight.SSLContext (implements java.lang.Cloneable)
    □ class com.ibm.speech.net.www.protocol.https.HttpsClient
    □ class java.net.URLConnection
        □ class java.net.HttpURLConnection
            □ class com.ibm.speech.net.www.protocol.https.HttpsURLConnection
    □ class java.net.URLStreamHandler
        □ class com.ibm.speech.net.www.protocol.https.HttpsURLStreamHandler



com.ibm.speech.net.www.protocol.https

Class HttpsURLConnection

java.lang.Object
  |
  +--java.net.URLConnection
        |
        +--java.net.HttpURLConnection
              |
              +--com.ibm.speech.net.www.protocol.https.HttpsURLConnection

public class HttpsURLConnection
extends java.net.HttpURLConnection

The class HttpsURLConnection represents a communications link between the application and a 
URL. Instances of this class can be used both to read from and to write to the resource referenced by 
the URL. In general, creating a connection to a URL is a multistep process: 



openConnection()                          connect()
Manipulate parameters that affect         Interact with the resource; query header
the connection to the remote resource.    fields and contents.
--------------------------------------------------------------------------> time

1. The connection object is created by invoking the openConnection method on a URL.
2. The setup parameters and general request properties are manipulated.
3. The actual connection to the remote object is made, using the connect method.
4. The remote object becomes available. The header fields and the contents of the remote object
   can be accessed.



The setup parameters are modified using the following methods:

• setAllowUserInteraction
• setDoInput
• setDoOutput
• setIfModifiedSince
• setUseCaches

and the general request properties are modified using the method:

• setRequestProperty

Default values for the AllowUserInteraction and UseCaches parameters can be set using the
methods setDefaultAllowUserInteraction and setDefaultUseCaches. Default values for
general request properties can be set using the setDefaultRequestProperty method.

Each of the above set methods has a corresponding get method to retrieve the value of the
parameter or general request property. The specific parameters and general request properties that are
applicable are protocol specific.

The following methods are used to access the header fields and the contents after the connection is
made to the remote object:

• getContent
• getHeaderField
• getInputStream
• getOutputStream

Certain header fields are accessed frequently. The methods:

• getContentEncoding
• getContentLength
• getContentType
• getDate
• getExpiration
• getLastModified

provide convenient access to these fields. The getContentType method is used by the getContent
method to determine the type of the remote object; subclasses may find it convenient to override the
getContentType method.

In the common case, all of the pre-connection parameters and general request properties can be
ignored: the pre-connection parameters and request properties default to sensible values. For most
clients of this interface, there are only two interesting methods: getInputStream and getObject,
which are mirrored in the URL class by convenience methods.

HttpsURLConnection is a URLConnection with support for HTTPS-specific features. See the spec
for details.



Field Summary

static int HTTP_ACCEPTED
static int HTTP_BAD_GATEWAY
static int HTTP_BAD_METHOD
static int HTTP_BAD_REQUEST
    4XX: client error
static int HTTP_CLIENT_TIMEOUT
static int HTTP_CONFLICT
static int HTTP_CREATED
static int HTTP_ENTITY_TOO_LARGE
static int HTTP_FORBIDDEN
static int HTTP_GATEWAY_TIMEOUT
static int HTTP_GONE
static int HTTP_INTERNAL_ERROR
static int HTTP_LENGTH_REQUIRED
static int HTTP_MOVED_PERM
static int HTTP_MOVED_TEMP
static int HTTP_MULT_CHOICE
    3XX: relocation/redirect
static int HTTP_NO_CONTENT
static int HTTP_NOT_ACCEPTABLE
static int HTTP_NOT_AUTHORITATIVE
static int HTTP_NOT_FOUND
static int HTTP_NOT_MODIFIED
static int HTTP_OK
    2XX: generally OK
static int HTTP_PARTIAL
static int HTTP_PAYMENT_REQUIRED
static int HTTP_PRECON_FAILED
static int HTTP_PROXY_AUTH
static int HTTP_REQ_TOO_LONG
static int HTTP_RESET
static int HTTP_SEE_OTHER
static int HTTP_SERVER_ERROR
    5XX: server error
static int HTTP_UNAUTHORIZED
static int HTTP_UNAVAILABLE
static int HTTP_UNSUPPORTED_TYPE
static int HTTP_USE_PROXY
static int HTTP_VERSION



Fields inherited from class java.net.HttpURLConnection

HTTP_ACCEPTED, HTTP_BAD_GATEWAY, HTTP_BAD_METHOD, HTTP_BAD_REQUEST,
HTTP_CLIENT_TIMEOUT, HTTP_CONFLICT, HTTP_CREATED, HTTP_ENTITY_TOO_LARGE,
HTTP_FORBIDDEN, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_INTERNAL_ERROR,
HTTP_LENGTH_REQUIRED, HTTP_MOVED_PERM, HTTP_MOVED_TEMP, HTTP_MULT_CHOICE,
HTTP_NO_CONTENT, HTTP_NOT_ACCEPTABLE, HTTP_NOT_AUTHORITATIVE, HTTP_NOT_FOUND,
HTTP_NOT_MODIFIED, HTTP_OK, HTTP_PARTIAL, HTTP_PAYMENT_REQUIRED,
HTTP_PRECON_FAILED, HTTP_PROXY_AUTH, HTTP_REQ_TOO_LONG, HTTP_RESET,
HTTP_SEE_OTHER, HTTP_SERVER_ERROR, HTTP_UNAUTHORIZED, HTTP_UNAVAILABLE,
HTTP_UNSUPPORTED_TYPE, HTTP_USE_PROXY, HTTP_VERSION, method, responseCode,
responseMessage

Fields inherited from class java.net.URLConnection

allowUserInteraction, connected, doInput, doOutput, ifModifiedSince, url,
useCaches



Constructor Summary

HttpsURLConnection(java.net.URL u)
    Creates a new HttpsURLConnection instance to the object referenced by the url argument
    with the default debug flag.

HttpsURLConnection(java.net.URL u, boolean dbg)
    Creates a new HttpsURLConnection instance to the object referenced by the url argument
    with a specified debug flag.



Method Summary

void connect()
    Opens a communications link to the resource referenced by this
    URL, if such a connection has not already been established.

void disconnect()
    Close the connection to the server.

boolean getAllowUserInteraction()
    Returns the value of the allowUserInteraction field for this object.

java.lang.String getContentEncoding()
    Returns the value of the content-encoding header field.

int getContentLength()
    Returns the value of the content-length header field.

java.lang.String getContentType()
    Returns the value of the content-type header field.

long getDate()
    Returns the value of the date header field.

static boolean getDefaultAllowUserInteraction()
    Returns the default value of the allowUserInteraction field.

static java.lang.String getDefaultRequestProperty(java.lang.String key)
    Returns the value of the default request property.

boolean getDefaultUseCaches()
    Returns the default value of a URLConnection's useCaches flag.

boolean getDoInput()
    Returns the value of this URLConnection's doInput flag.

boolean getDoOutput()
    Returns the value of this URLConnection's doOutput flag.

java.io.InputStream getErrorStream()
    Returns the error stream if the connection failed but the server sent
    useful data nonetheless.

long getExpiration()
    Returns the value of the expires header field.

static java.net.FileNameMap getFileNameMap()
    Returns the FileNameMap.

static boolean getFollowRedirects()

java.lang.String getHeaderField(int n)
    Returns the value for the nth header field.

java.lang.String getHeaderField(java.lang.String name)
    Returns the name of the specified header field.

long getHeaderFieldDate(java.lang.String name, long Default)
    Returns the value of the named field parsed as date.

int getHeaderFieldInt(java.lang.String name, int Default)
    Returns the value of the named field parsed as a number.

java.lang.String getHeaderFieldKey(int n)
    Returns the key for the nth header field.

java.lang.String getHTTPHeader()
    Returns the entire of the HTTP header received from server request.

long getIfModifiedSince()
    Returns the value of this object's ifModifiedSince field.

java.io.InputStream getInputStream()
    Returns an input stream that reads from this open connection.

long getLastModified()
    Returns the value of the last-modified header field.

java.io.OutputStream getOutputStream()
    Returns an output stream that writes to this connection.

java.security.Permission getPermission()
    Returns a permission object representing the permission necessary
    to make the connection represented by this object.

java.lang.String getRequestMethod()
    Get the request method.

java.lang.String getRequestProperty(java.lang.String key)
    Returns the value of the named general request property for this connection.

int getResponseCode()
    Gets HTTP response status.

java.lang.String getResponseMessage()
    Gets the HTTP response message, if any, returned along with the
    response code from a server.

java.net.URL getURL()
    Returns the value of this URLConnection's url field.

boolean getUseCaches()
    Returns the value of this URLConnection's useCaches field.

protected static java.lang.String guessContentTypeFromName(java.lang.String fname)
    Tries to determine the content type of an object, based on the
    specified "file" component of a URL.

static java.lang.String guessContentTypeFromStream(java.io.InputStream)
    Tries to determine the type of an input stream based on the
    characters at the beginning of the input stream.

void setAllowUserInteraction(boolean allowuserinteraction)
    Set the value of the allowUserInteraction field of this URLConnection.

void setAsynConnections(boolean value)
    Sets the value of the asyncConnectionSet field for the
    HttpsURLConnection object to the specified value.

static void setContentHandlerFactory(java.net.ContentHandlerFactory fac)
    Sets the ContentHandlerFactory of an application.

static void setDefaultAllowUserInteraction(boolean defaultallowuserinteraction)
    Sets the default value of the allowUserInteraction field for all
    future URLConnection objects to the specified value.

static void setDefaultRequestProperty(java.lang.String key, java.lang.String value)
    Sets the default value of a general request property.

void setDefaultUseCaches(boolean defaultusecaches)
    Sets the default value of the useCaches field to the specified value.

void setDoInput(boolean doinput)
    Sets the value of the doInput field for this URLConnection to the
    specified value.

void setDoOutput(boolean dooutput)
    Sets the value of the doOutput field for this URLConnection to the
    specified value.

void setEnableCipherSuites(java.lang.String)
    Sets the value of the enabledCipherSuites field for the
    HttpsURLConnection object to the specified value.

void setEnabledCompressionMethods(java.lang.String)
    Sets the value of the enabledCompressionMethods field for the
    HttpsURLConnection object to the specified value.

static void setFileNameMap(java.net.FileNameMap map)
    Sets the FileNameMap.

static void setFollowRedirects(boolean set)
    Sets whether HTTP redirects (requests with response code 3xx)
    should be automatically followed by this class.

void setIfModifiedSince(long ifmodifiedsince)
    Sets the value of the ifModifiedSince field of this
    URLConnection to the specified value.

void setKeyRingDatabase(java.lang.String)
    Sets the value of the keyRingDatabase field for the
    HttpsURLConnection object to the specified value.

void setRequestMethod(java.lang.String method)
    Set the method for the URL request, one of: GET POST HEAD
    OPTIONS PUT DELETE TRACE are legal, subject to protocol
    restrictions.

void setRequestProperty(java.lang.String key, java.lang.String value)
    Sets the general request property.

void setTimeout(int seconds)
    Sets the value of the timeout field for the HttpsURLConnection
    object to the specified value.

void setUseCaches(boolean usecaches)
    Sets the value of the useCaches field of this URLConnection to
    the specified value.

java.lang.String toString()
    Returns a String representation of this URL connection.

boolean usingProxy()
    Indicates if the connection is going through a proxy.



Methods inherited from class java.net.URLConnection

getContent

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait,
Field Detail

HTTP_OK
public static final int HTTP_OK
2XX: generally "OK"

HTTP_CREATED
public static final int HTTP_CREATED

HTTP_ACCEPTED
public static final int HTTP_ACCEPTED

HTTP_NOT_AUTHORITATIVE
public static final int HTTP_NOT_AUTHORITATIVE

HTTP_NO_CONTENT
public static final int HTTP_NO_CONTENT

HTTP_RESET
public static final int HTTP_RESET

HTTP_PARTIAL
public static final int HTTP_PARTIAL

HTTP_MULT_CHOICE
public static final int HTTP_MULT_CHOICE
3XX: relocation/redirect

HTTP_MOVED_PERM
public static final int HTTP_MOVED_PERM

HTTP_MOVED_TEMP
public static final int HTTP_MOVED_TEMP

HTTP_SEE_OTHER
public static final int HTTP_SEE_OTHER

HTTP_NOT_MODIFIED
public static final int HTTP_NOT_MODIFIED

HTTP_USE_PROXY
public static final int HTTP_USE_PROXY

HTTP_BAD_REQUEST
public static final int HTTP_BAD_REQUEST
4XX: client error

HTTP_UNAUTHORIZED
public static final int HTTP_UNAUTHORIZED

HTTP_PAYMENT_REQUIRED
public static final int HTTP_PAYMENT_REQUIRED

HTTP_FORBIDDEN
public static final int HTTP_FORBIDDEN






HTTP_NOT_FOUND
public static final int HTTP_NOT_FOUND

HTTP_BAD_METHOD
public static final int HTTP_BAD_METHOD

HTTP_NOT_ACCEPTABLE
public static final int HTTP_NOT_ACCEPTABLE

HTTP_PROXY_AUTH
public static final int HTTP_PROXY_AUTH

HTTP_CLIENT_TIMEOUT
public static final int HTTP_CLIENT_TIMEOUT

HTTP_CONFLICT
public static final int HTTP_CONFLICT

HTTP_GONE
public static final int HTTP_GONE

HTTP_LENGTH_REQUIRED
public static final int HTTP_LENGTH_REQUIRED

HTTP_PRECON_FAILED
public static final int HTTP_PRECON_FAILED

HTTP_ENTITY_TOO_LARGE
public static final int HTTP_ENTITY_TOO_LARGE

HTTP_REQ_TOO_LONG
public static final int HTTP_REQ_TOO_LONG

HTTP_UNSUPPORTED_TYPE
public static final int HTTP_UNSUPPORTED_TYPE

HTTP_SERVER_ERROR
public static final int HTTP_SERVER_ERROR
5XX: server error

HTTP_INTERNAL_ERROR
public static final int HTTP_INTERNAL_ERROR

HTTP_BAD_GATEWAY
public static final int HTTP_BAD_GATEWAY

HTTP_UNAVAILABLE
public static final int HTTP_UNAVAILABLE

HTTP_GATEWAY_TIMEOUT
public static final int HTTP_GATEWAY_TIMEOUT

HTTP_VERSION
public static final int HTTP_VERSION

Constructor Detail 

HttpsURLConnection 

public HttpsURLConnection (java.net.URL u) 

Creates a new HttpsURLConnection instance to the object referenced by the url argument 
with the default debug flag. 

Parameters: 

u - the URL that this connects to. 



HttpsURLConnection 

public HttpsURLConnection (java.net.URL u, 
                           boolean dbg) 

Creates a new HttpsURLConnection instance to the object referenced by the url argument 
with a specified debug flag. 

Parameters: 

u - the URL that this connects to. 

dbg - the boolean value of turning the debug option ON/OFF. 



Method Detail 



getInputStream 

public java.io.InputStream getInputStream ( ) 
                                   throws java.io.IOException 

Returns an input stream that reads from this open connection. 
Overrides: 

getInputStream in class java.net.URLConnection 
Returns: 

an input stream that reads from this open connection. 
Throws: 

java.io.IOException - if an I/O error occurs while creating the input stream. 
UnknownServiceException - if the protocol does not support input. 



getOutputStream 

public java.io.OutputStream getOutputStream ( ) 
                                     throws java.io.IOException 

Returns an output stream that writes to this connection. 
Overrides: 

getOutputStream in class java.net.URLConnection 
Returns: 

an output stream that writes to this connection. 
Throws: 

java.io.IOException - if an I/O error occurs while creating the output stream. 
UnknownServiceException - if the protocol does not support output. 



disconnect 

public void disconnect () 

Close the connection to the server. 
Overrides: 

disconnect in class java.net.HttpURLConnection 



usingProxy 

public boolean usingProxy ( ) 

Indicates if the connection is going through a proxy. 
Overrides: 

usingProxy in class java.net.HttpURLConnection 



connect 

public void connect ( ) 

throws java.io.IOException 

Opens a communications link to the resource referenced by this URL, if such a connection has 
not already been established. 

If the connect method is called when the connection has already been opened (indicated by the 
connected field having the value true), the call is ignored. 

HttpsURLConnection objects go through two phases: first they are created, then they are 
connected. After being created, and before being connected, various options can be specified 
(e.g., doInput and UseCaches). After connecting, it is an error to try to set them. Operations 
that depend on being connected, like getContentLength, will implicitly perform the connection 
if necessary. 

Overrides: 

connect in class java.net.URLConnection 
Throws: 

java.io.IOException - if an I/O error occurs while opening the connection. 



setRequestMethod 

public void setRequestMethod (java.lang.String method) 
                      throws java.net.ProtocolException 

Set the method for the URL request, one of: 

• GET 

• POST 

• HEAD 

• OPTIONS 

• PUT 

• DELETE 

• TRACE 

are legal, subject to protocol restrictions. The default method is GET. 
Overrides: 

setRequestMethod in class java.net.HttpURLConnection 
Throws: 

java.net.ProtocolException - if the method cannot be reset or if the requested method 
isn't valid for HTTP. 



setRequestProperty 

public void setRequestProperty (java.lang.String key, 
                                java.lang.String value) 

Sets the general request property. 
Overrides: 

setRequestProperty in class java.net.URLConnection 
Parameters: 

key - the keyword by which the request is known (e.g., "accept"). 
value - the value associated with it. 



getHeaderField 

public java.lang.String getHeaderField (java.lang.String name) 

Returns the name of the specified header field. 
Overrides: 

getHeaderField in class java.net.URLConnection 

Parameters: 

name - the name of a header field. 

Returns: 

the value of the named header field, or null if there is no such field in the header. 



getHTTPHeader 

public java.lang.String getHTTPHeader ( ) 

Returns the entire HTTP header received from server request. 
Returns: 

the value of the httpHeader field for this object. 



getAllowUserInteraction 

public boolean getAllowUserInteraction ( ) 

Returns the value of the allowUserInteraction field for this object. 
Overrides: 

getAllowUserInteraction in class java.net.URLConnection 
Returns: 

the value of the allowUserInteraction field for this object. 



getContentEncoding 

public java.lang.String getContentEncoding ( ) 

Returns the value of the content-encoding header field. 
Overrides: 

getContentEncoding in class java.net.URLConnection 
Returns: 

the content encoding of the resource that the URL references, or null if not known. 



getContentLength 

public int getContentLength ( ) 

Returns the value of the content-length header field. 
Overrides: 

getContentLength in class java.net.URLConnection 
Returns: 

the content length of the resource that this connection's URL references, or -1 if the 
content length is not known. 



getContentType 

public java.lang.String getContentType ( ) 

Returns the value of the content-type header field. 
Overrides: 

getContentType in class java.net.URLConnection 
Returns: 

the content type of the resource that the URL references, or null if not known. 



getDate 

public long getDate ( ) 

Returns the value of the date header field. 
Overrides: 

getDate in class java.net.URLConnection 
Returns: 

the sending date of the resource that the URL references, or 0 if not known. The value 
returned is the number of milliseconds since January 1, 1970 GMT. 



getDefaultAllowUserInteraction 

public static boolean getDefaultAllowUserInteraction ( ) 

Returns the default value of the allowUserInteraction field. 

This default is "sticky", being a part of the static state of all URLConnections. This flag applies 
to the next, and all following URLConnections that are created. 

Returns: 

the default value of the allowUserInteraction field. 



getDefaultRequestProperty 

public static java.lang.String getDefaultRequestProperty (java.lang.String key) 

Returns the value of the default request property. Default request properties are set for every 
connection. 

Returns: 

the value of the default request property for the specified key. 



getDefaultUseCaches 

public boolean getDefaultUseCaches ( ) 

Returns the default value of a URLConnection's useCaches flag. 

This default is "sticky", being a part of the static state of all URLConnections. This flag applies 
to the next, and all following URLConnections that are created. 

Overrides: 

getDefaultUseCaches in class java.net.URLConnection 
Returns: 

the default value of a URLConnection's useCaches flag. 



getDoInput 

public boolean getDoInput ( ) 

Returns the value of this URLConnection's doInput flag. 
Overrides: 

getDoInput in class java.net.URLConnection 
Returns: 

the value of this URLConnection's doInput flag. 



getDoOutput 






public boolean getDoOutput ( ) 

Returns the value of this URLConnection's doOutput flag. 
Overrides: 

getDoOutput in class java.net.URLConnection 
Returns: 

the value of this URLConnection's doOutput flag. 



getExpiration 

public long getExpiration ( ) 

Returns the value of the expires header field. 
Overrides: 

getExpiration in class java.net.URLConnection 
Returns: 

the expiration date of the resource that this URL references, or 0 if not known. The value 
is the number of milliseconds since January 1, 1970 GMT. 



getFileNameMap 

public static java.net.FileNameMap getFileNameMap ( ) 

Returns the FileNameMap. 

Since: 
JDK1.2 



getHeaderField 

public java.lang.String getHeaderField (int n) 

Returns the value for the nth header field. It returns null if there are fewer than n fields. 

This method can be used in conjunction with the getHeaderFieldKey method to iterate 
through all the headers in the message. 

Overrides: 

getHeaderField in class java.net.URLConnection 
Parameters: 

n - an index. 
Returns: 

the value of the nth header field. 



getHeaderFieldDate 



public long getHeaderFieldDate (java.lang.String name, 
                                long Default) 

Returns the value of the named field parsed as date. The result is the number of milliseconds 
since January 1, 1970 GMT represented by the named field. 

This form of getHeaderField exists because some connection types (e.g., http-ng) have 
pre-parsed headers. Classes for that connection type can override this method and short-circuit the 
parsing. 

Overrides: 

getHeaderFieldDate in class java.net.URLConnection 
Parameters: 

name - the name of the header field. 

Default - a default value. 
Returns: 

the value of the field, parsed as a date. The value of the Default argument is returned if 
the field is missing or malformed. 



getHeaderFieldInt 

public int getHeaderFieldInt (java.lang.String name, 
                              int Default) 

Returns the value of the named field parsed as a number. 

This form of getHeaderField exists because some connection types (e.g., http-ng) have 
pre-parsed headers. Classes for that connection type can override this method and short-circuit the 
parsing. 

Overrides: 

getHeaderFieldInt in class java.net.URLConnection 
Parameters: 

name - the name of the header field. 

Default - the default value. 
Returns: 

the value of the named field, parsed as an integer. The Default value is returned if the 
field is missing or malformed. 



getHeaderFieldKey 

public java.lang.String getHeaderFieldKey (int n) 

Returns the key for the nth header field. 
Overrides: 

getHeaderFieldKey in class java.net.URLConnection 
Parameters: 

n - an index. 
Returns: 

the key for the nth header field, or null if there are fewer than n fields. 



getIfModifiedSince 

public long getIfModifiedSince ( ) 

Returns the value of this object's ifModifiedSince field. 
Overrides: 

getIfModifiedSince in class java.net.URLConnection 
Returns: 

the value of this object's ifModifiedSince field. 



getLastModified 



public long getLastModified ( ) 

Returns the value of the last-modified header field. The result is the number of milliseconds 
since January 1, 1970 GMT. 

Overrides: 

getLastModified in class java.net.URLConnection 
Returns: 

the date the resource referenced by this URLConnection was last modified, or 0 if not 
known. 



getPermission 



public java.security.Permission getPermission ( ) 
                                       throws java.io.IOException 

Returns a permission object representing the permission necessary to make the connection 
represented by this object. This method returns null if no permission is required to make the 
connection. By default, this method returns java.security.AllPermission. Subclasses 
should override this method and return the permission that best represents the permission 
required to make a connection to the URL. For example, a URLConnection representing a 
file: URL would return a java.io.FilePermission object. 

The permission returned may be dependent upon the state of the connection. For example, the 
permission before connecting may be different from that after connecting. For example, an 
HTTP server, say foo.com, may redirect the connection to a different host, say bar.com. Before 
connecting the permission returned by the connection will represent the permission needed to 
connect to foo.com, while the permission returned after connecting will be to bar.com. 

Permissions are generally used for two purposes: to protect caches of objects obtained through 
URLConnections, and to check the right of a recipient to learn about a particular URL. In the 
first case, the permission should be obtained after the object has been obtained. For example, in 
an HTTP connection, this will represent the permission to connect to the host from which the 
data was ultimately fetched. In the second case, the permission should be obtained and tested 
before connecting. 

Overrides: 

getPermission in class java.net.HttpURLConnection 
Returns: 

the permission object representing the permission necessary to make the connection 
represented by this URLConnection. 
Throws: 

java.io.IOException - if the computation of the permission requires network or file I/O 
and an exception occurs while computing it. 



getRequestProperty 



public java.lang.String getRequestProperty (java.lang.String key) 

Returns the value of the named general request property for this connection. 
Overrides: 

getRequestProperty in class java.net.URLConnection 
Returns: 

the value of the named general request property for this connection. 



getURL 



public java.net.URL getURL ( ) 

Returns the value of this URLConnection's URL field. 

Overrides: 

getURL in class java.net.URLConnection 
Returns: 

the value of this URLConnection's URL field. 



getUseCaches 

public boolean getUseCaches ( ) 

Returns the value of this URLConnection's useCaches field. 

Overrides: 

getUseCaches in class java.net.URLConnection 
Returns: 

the value of this URLConnection's useCaches field. 



guessContentTypeFromName 



protected static java.lang.String guessContentTypeFromName (java.lang.String fname) 

Tries to determine the content type of an object, based on the specified "file" component of a 
URL. This is a convenience method that can be used by subclasses that override the 
getContentType method. 
Parameters: 

fname - a filename. 
Returns: 

a guess as to what the content type of the object is, based upon its file name. 






guessContentTypeFromStream 

public static java.lang.String guessContentTypeFromStream (java.io.InputStream is) 
                                                   throws java.io.IOException 

Tries to determine the type of an input stream based on the characters at the beginning of the 
input stream. This method can be used by subclasses that override the getContentType 
method. 

Ideally, this routine would not be needed. But many http servers return the incorrect content 
type; in addition, there are many nonstandard extensions. Direct inspection of the bytes to 
determine the content type is often more accurate than believing the content type claimed by 
the http server. 

Parameters: 

is - an input stream that supports marks. 
Returns: 

a guess at the content type, or null if none can be determined. 
Throws: 

java.io.IOException - if an I/O error occurs while reading the input stream. 
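
The point made above, that inspecting the leading bytes can be more reliable than the server's claimed content type, can be turned into a check. The following is an added example, not code from this document or from IBM; it calls the standard java.net.URLConnection.guessContentTypeFromStream method, and the class name ContentTypeSniffCheck, its helpers, and the sample bodies are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class ContentTypeSniffCheck {

    /** Result of comparing the server-claimed type with the sniffed one. */
    enum Verdict { MATCH, MISMATCH, UNKNOWN }

    /** Drops parameters such as "; charset=utf-8" and lower-cases the media type. */
    static String baseType(String contentType) {
        if (contentType == null) {
            return null;
        }
        int semi = contentType.indexOf(';');
        String base = (semi >= 0 ? contentType.substring(0, semi) : contentType)
                .trim().toLowerCase(Locale.ROOT);
        return base.isEmpty() ? null : base;
    }

    /**
     * Compares the Content-Type header value with what the first bytes of the
     * body look like. The stream must support mark/reset, as the method
     * documentation above requires; the JDK method peeks at the leading bytes
     * and resets the stream, so the body can still be read from the start.
     */
    static Verdict compare(String claimedHeader, InputStream body) throws IOException {
        if (!body.markSupported()) {
            throw new IllegalArgumentException("body stream must support mark/reset");
        }
        String sniffed = URLConnection.guessContentTypeFromStream(body);
        String claimed = baseType(claimedHeader);
        if (sniffed == null || claimed == null) {
            // Nothing recognisable in the bytes, or no header: the caller decides
            // the policy, for example treating the body as opaque data.
            return Verdict.UNKNOWN;
        }
        return sniffed.equals(claimed) ? Verdict.MATCH : Verdict.MISMATCH;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample responses: claimed header value and leading body bytes.
        String[] claimed = {
            "image/gif",
            "image/png",                 // header says PNG, body is HTML
            "text/plain; charset=us-ascii"
        };
        byte[][] bodies = {
            "GIF89a constructed sample".getBytes(StandardCharsets.US_ASCII),
            "<html><body>constructed sample</body></html>".getBytes(StandardCharsets.US_ASCII),
            "constructed plain text".getBytes(StandardCharsets.US_ASCII)
        };

        for (int i = 0; i < claimed.length; i++) {
            InputStream in = new ByteArrayInputStream(bodies[i]);
            System.out.println(claimed[i] + " -> " + compare(claimed[i], in));
        }
    }
}
```

A MISMATCH verdict is a signal to refuse or quarantine the response before handing it to a content handler chosen from the header alone.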



setAllowUserInteraction 

public void setAllowUserInteraction (boolean allowuserinteraction) 

Set the value of the allowUserInteraction field of this URLConnection. 

Overrides: 

setAllowUserInteraction in class java.net.URLConnection 
Parameters: 

allowuserinteraction - the new value. 



setContentHandlerFactory 

public static void setContentHandlerFactory (java.net.ContentHandlerFactory fac) 

Sets the ContentHandlerFactory of an application. It can be called at most once by an 
application. 

The ContentHandlerFactory instance is used to construct a content handler from a content 
type. 

If there is a security manager, this method first calls the security manager's checkSetFactory 
method to ensure the operation is allowed. This could result in a SecurityException. 

Parameters: 

fac - the desired factory. 
Throws: 

java.lang.Error - if the factory has already been defined. 

java.lang.SecurityException - if a security manager exists and its checkSetFactory 
method doesn't allow the operation. 

setDefaultAllowUserInteraction 

public static void setDefaultAllowUserInteraction (boolean defaultallowuserinteracti 

Sets the default value of the allowUserInteraction field for all future URLConnection 
objects to the specified value. 

Parameters: 

defaultallowuserinteraction - the new value. 



setDefaultRequestProperty 

public static void setDefaultRequestProperty (java.lang.String key, 
                                              java.lang.String value) 

Sets the default value of a general request property. When a URLConnection is created, it is 
initialized with these properties. 

Parameters: 

key - the keyword by which the request is known (e.g., "accept"). 
value - the value associated with the key. 



setDefaultUseCaches 

public void setDefaultUseCaches (boolean defaultusecaches) 

Sets the default value of the useCaches field to the specified value. 
Overrides: 

setDefaultUseCaches in class java.net.URLConnection 
Parameters: 

defaultusecaches - the new value. 



setDoInput 

public void setDoInput (boolean doinput) 

Sets the value of the doInput field for this URLConnection to the specified value. 

A URL connection can be used for input and/or output. Set the DoInput flag to true if you 
intend to use the URL connection for input, false if not. The default is true unless DoOutput is 
explicitly set to true, in which case DoInput defaults to false. 

Overrides: 

setDoInput in class java.net.URLConnection 
Parameters: 

value - the new value. 



setDoOutput 

public void setDoOutput (boolean dooutput) 

Sets the value of the doOutput field for this URLConnection to the specified value. 

A URL connection can be used for input and/or output. Set the DoOutput flag to true if you 
intend to use the URL connection for output, false if not. The default is false. 

Overrides: 

setDoOutput in class java.net.URLConnection 
Parameters: 

value - the new value. 



setFileNameMap 

public static void setFileNameMap (java.net.FileNameMap map) 

Sets the FileNameMap. 

If there is a security manager, this method first calls the security manager's checkSetFactory 
method to ensure the operation is allowed. This could result in a SecurityException. 

Parameters: 

map - the FileNameMap to be set 
Throws: 

java.lang.SecurityException - if a security manager exists and its checkSetFactory 
method doesn't allow the operation. 



setIfModifiedSince 

public void setIfModifiedSince (long ifmodifiedsince) 

Sets the value of the ifModifiedSince field of this URLConnection to the specified value. 
Overrides: 

setIfModifiedSince in class java.net.URLConnection 
Parameters: 

value - the new value. 



setUseCaches 



public void setUseCaches (boolean usecaches) 

Sets the value of the useCaches field of this URLConnection to the specified value. 

Some protocols do caching of documents. Occasionally, it is important to be able to "tunnel 
through" and ignore the caches (e.g., the "reload" button in a browser). If the UseCaches flag 
on a connection is true, the connection is allowed to use whatever caches it can. If false, caches 
are to be ignored. The default value comes from DefaultUseCaches, which defaults to true. 
Overrides: 

setUseCaches in class java.net.URLConnection 



toString 

public java.lang.String toString ( ) 

Returns a string representation of this URL connection. 
Overrides: 

toString in class java.net.URLConnection 
Returns: 

a string representation of this URLConnection. 



getErrorStream 

public java.io.InputStream getErrorStream ( ) 

Returns the error stream if the connection failed but the server sent useful data nonetheless. 
The typical example is when an HTTP server responds with a 404, which will cause a 
FileNotFoundException to be thrown in connect, but the server sent an HTML help page with 
suggestions as to what to do. 

This method will not cause a connection to be initiated. If the connection was not 
connected, or if the server did not have an error while connecting, or if the server did have an 
error but no error data was sent, this method will return null. This is the default. 

Overrides: 

getErrorStream in class java.net.HttpURLConnection 
Returns: 

an error stream if any, null if there have been no errors, the connection is not connected 
or the server sent no useful data. 



getFollowRedirects 

public static boolean getFollowRedirects ( ) 



getRequestMethod 

public java.lang.String getRequestMethod ( ) 

Get the request method. 
Overrides: 

getRequestMethod in class java.net.HttpURLConnection 



getResponseCode 



public int getResponseCode ( ) 
                    throws java.io.IOException 

Gets HTTP response status. From responses like: 

HTTP/1.0 200 OK 
HTTP/1.0 401 Unauthorized 

Extracts the ints 200 and 401 respectively. Returns -1 if none can be discerned from the 
response (i.e., the response is not valid HTTP). 

Overrides: 

getResponseCode in class java.net.HttpURLConnection 
Throws: 

java.io.IOException - if an error occurred connecting to the server. 



getResponseMessage 



public java.lang.String getResponseMessage ( ) 
                                    throws java.io.IOException 

Gets the HTTP response message, if any, returned along with the response code from a server. 
From responses like: 

HTTP/1.0 200 OK 
HTTP/1.0 404 Not Found 

Extracts the Strings "OK" and "Not Found" respectively. Returns null if none could be 
discerned from the responses (the result was not valid HTTP). 

Overrides: 

getResponseMessage in class java.net.HttpURLConnection 
Throws: 

java.io.IOException - if an error occurred connecting to the server. 
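
The behaviour described for getResponseCode and getResponseMessage above (extract the code and the message from the status line, return -1 and null when the response is not valid HTTP) is sketched below. This is an added example, not the implementation of the documented class; the class name StatusLineParser, its methods, and the sample lines are hypothetical and constructed for illustration.

```java
public class StatusLineParser {

    /** Parsed status line; code is -1 and message is null when the line is not valid HTTP. */
    static final class Status {
        final int code;
        final String message;

        Status(int code, String message) {
            this.code = code;
            this.message = message;
        }

        boolean isValid() {
            return code != -1;
        }

        @Override
        public String toString() {
            return "code=" + code + ", message=" + message;
        }
    }

    static final Status INVALID = new Status(-1, null);

    /** Parses a line such as "HTTP/1.0 404 Not Found". */
    static Status parse(String line) {
        if (line == null || !line.startsWith("HTTP/")) {
            return INVALID;
        }
        int firstSpace = line.indexOf(' ');
        if (firstSpace < 0) {
            return INVALID;
        }
        // The version between "HTTP/" and the first space must be digits.digits.
        if (!line.substring(5, firstSpace).matches("\\d+\\.\\d+")) {
            return INVALID;
        }
        // The status code is exactly three decimal digits.
        int codeStart = firstSpace + 1;
        int codeEnd = codeStart + 3;
        if (line.length() < codeEnd) {
            return INVALID;
        }
        for (int i = codeStart; i < codeEnd; i++) {
            char c = line.charAt(i);
            if (c < '0' || c > '9') {
                return INVALID;
            }
        }
        // Anything after the code must be separated from it by a space.
        if (line.length() > codeEnd && line.charAt(codeEnd) != ' ') {
            return INVALID;
        }
        int code = Integer.parseInt(line.substring(codeStart, codeEnd));
        if (code < 100) {
            return INVALID;
        }
        // The message is optional ("if any"); an absent or blank one becomes null.
        String message = line.length() > codeEnd + 1
                ? line.substring(codeEnd + 1).trim()
                : "";
        return new Status(code, message.isEmpty() ? null : message);
    }

    /** Fails closed: an unparseable status line is an error, never a success. */
    static boolean isSuccess(Status status) {
        return status.isValid() && status.code >= 200 && status.code < 300;
    }

    public static void main(String[] args) {
        // Constructed sample lines, including ones that are not valid HTTP.
        String[] lines = {
            "HTTP/1.0 200 OK",
            "HTTP/1.0 401 Unauthorized",
            "HTTP/1.0 404 Not Found",
            "HTTP/1.0 200",
            "HTTP/1.0 2OO OK",          // letter O instead of zero
            "SSH-2.0-constructed-banner"
        };
        for (String line : lines) {
            Status s = parse(line);
            System.out.println(line + " -> " + s + ", success=" + isSuccess(s));
        }
    }
}
```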



setFollowRedirects 

public static void setFollowRedirects (boolean set) 

Sets whether HTTP redirects (requests with response code 3xx) should be automatically 
followed by this class. True by default. Applets cannot change this variable. 

If there is a security manager, this method first calls the security manager's checkSetFactory 
method to ensure the operation is allowed. This could result in a SecurityException. 

Throws: 

java.lang.SecurityException - if a security manager exists and its checkSetFactory 
method doesn't allow the operation. 



setKeyRingDatabase 

public void setKeyRingDatabase (java.lang.String name) 

Sets the value of the keyRingDatabase field for the HttpsURLConnection object to the 
specified value. SSL specific API extension. 

Parameters: 

name - the new value. 



setTimeout 



public void setTimeout ( int seconds) 

Sets the value of the timeout field for the HttpsURLConnection object to the specified value. 
SSL specific API extension. 

Parameters: 

seconds - the new value. 



setAsynConnections 

public void setAsynConnections (boolean value) 

Sets the value of the asyncConnectionSet field for the HttpsURLConnection object to the 
specified value. SSL specific API extension. 

Parameters: 

value - the new value. 



setEnabledCompressionMethods 

public void setEnabledCompressionMethods (java.lang.String methods) 

Sets the value of the enabledCompressionMethods field for the HttpsURLConnection 
to the specified value. SSL specific API extension. 

Parameters: 

methods - the new value. 



setEnableCipherSuites 

public void setEnableCipherSuites (java.lang.String cipherSuites) 

Sets the value of the enabledCipherSuites field for the HttpsURLConnection object to the 
specified value. SSL specific API extension. 

Parameters: 

cipherSuites - the new value. 

com.ibm.speech.net.www.protocol.https 

Class HttpsClient 

java.lang.Object 
  | 
  +--com.ibm.sslight.SSLContext 
        | 
        +--com.ibm.speech.net.www.protocol.https.HttpsClient 


public class HttpsClient 
extends com.ibm.sslight.SSLContext 


Inner classes inherited from class com.ibm.sslight.SSLContext 

com.ibm.sslight.SSLContext.KeyConstraints 



Field Summary 


static int  CONNECTED 
    Connection established. 

static java.lang.String  defaultKeyRingDatabase 
    Default key ring database. 

static int  defaultPort 
    Default port allocated for HTTPS provided by HTTP RFC. 

static int  NOT_CONNECTED 
    Connection not established. 

static java.lang.String  sslCertIssuerName 
    Certificate Issuer Name of SSL established connection. 

static java.lang.String  sslCertOrgName 
    Certificate's Organization Name of SSL established connection. 

static java.lang.String  sslCipherSuite 
    Cipher suite of SSL established connection. 

static java.lang.String  sslCompressMethod 
    Compression method of SSL established connection. 

static java.net.InetAddress  sslInetAddress 
    java.net.InetAddress of SSL established connection. 

static int  sslPort 
    Port of SSL established connection. 


Fields inherited from class com.ibm.sslight.SSLContext 

asyncConnections, CA, clientAuthentication, CONNECT, CONNECTION, debug, SESSION, 



Constructor Summary 

HttpsClient (java.net.URL u) 
    Creates a new HttpsClient instance with the default debug flag. 

HttpsClient (java.net.URL u, boolean debug) 
    Creates a new HttpsURLStreamHandler instance with a specified debug flag. 



Method Summary 


void  connect ( ) 
    Method that calls that sets up SSL connection. 

void  connect (java.lang.String host, int port) 
    Method that established SSL connection. 

void  disconnect ( ) 
    Close the connection to the server. 

java.lang.String  getHTTPHeader ( ) 
    Returns the header from the HTTP request. 

java.io.InputStream  getInputStream ( ) 
    Returns an input stream that reads from this open connection. 

java.io.OutputStream  getOutputStream ( ) 
    Returns a java.net.OutputStream that writes to this connection. 

int  getState ( ) 
    Returns the current state of the connection. 

protected boolean  handleCertificateChain (com.ibm.sslight.SSLCert[] chain) 
    This method is called by SSL if a certificate chain has to be validated by 
    the SSL protocol but that cannot be done based on the information stored in 
    the public key ring associated with the context or there is no public key ring 
    defined at all. 

void  setAsynConnections (boolean value) 
    Sets the value of the asyncConnectionSet field for the HttpsClient 
    object to the specified value. 

void  setEnableCipherSuites (java.lang.String cipherSui 
    Sets the value of the enabledCipherSuites field for the 
    HttpsURLConnection object to the specified value. 

void  setEnabledCompressionMethods (java.lang.String method 
    Sets the value of the enabledCompressionMethods field for the 
    HttpsClient object to the specified value. 

void  setKeyRingDatabase (java.lang.String name) 
    Sets the value of the keyRingDatabase field for the HttpsClient 
    object to the specified value. 

void  setRequestMethod (java.lang.String method) 
    Sets the value of the method field for the HttpsClient object to the 
    specified value. 






void  setRequestProperties (java.lang.String properties) 
    Sets the value of the requestProperties field for the HttpsClient 
    object to the specified value. 

void  setTimeout (int seconds) 
    Sets the value of the timeout field for the HttpsURLConnection object 
    to the specified value. 



Methods inherited from class com.ibm.sslight.SSLContext 



allowStepUpCryptography, clone, confirmCertificateChain, confirmKeySelection, 
exportKeyRings, getEnabledCipherSuites, getEnabledCompressionMethods, 
getKeyRing, getSSLCertByLabel, getTimeout, handleCertificateChain, 
handleConnection, handleNoPeerCertificate, handleNoSiteCertificate, 
importCACertificates, importKeyRings, importKeyRings, importSiteCertificates, 
queryAcceptableKeys, restrictStepUpCryptography, setEnabledCipherSuites, 
setKeyRing, setTimeout 



Methods inherited from class java.lang.Object 



equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, 
wait 



Field Detail 



sslPort 

public static int sslPort 

Port of SSL established connection. 


sslInetAddress 

public static java.net.InetAddress sslInetAddress 

java.net.InetAddress of SSL established connection. 


sslCompressMethod 

public static java.lang.String sslCompressMethod 

Compression method of SSL established connection. 


sslCipherSuite 

public static java.lang.String sslCipherSuite 

Cipher suite of SSL established connection. 


sslCertOrgName 

public static java.lang.String sslCertOrgName 

Certificate's Organization Name of SSL established connection. 


sslCertIssuerName 

public static java.lang.String sslCertIssuerName 

Certificate Issuer Name of SSL established connection. 


NOT_CONNECTED 

public static final int NOT_CONNECTED 

Connection not established. 


CONNECTED 

public static final int CONNECTED 

Connection established. 


defaultPort 

public static final int defaultPort 

Default port allocated for HTTPS provided by HTTP RFC. 


defaultKeyRingDatabase 

public static final java.lang.String defaultKeyRingDatabase 

Default key ring database. 

Constructor Detail 

HttpsClient 

public HttpsClient (java.net.URL u) 

Creates a new HttpsClient instance with the default debug flag. 
Parameters: 

u - the java.net.URL associated with the connection. 



HttpsClient 

public HttpsClient (java.net.URL u, 
                    boolean debug) 

Creates a new HttpsURLStreamHandler instance with a specified debug flag. 
Parameters: 

u - the java.net.URL associated with the connection. 

dbg - the boolean value of turning the debug option ON/OFF. 



Method Detail 



handleCertificateChain

protected boolean handleCertificateChain(com.ibm.sslight.SSLCert[] chain)

This method is called by SSL if a certificate chain has to be validated by the SSL protocol but
that cannot be done based on the information stored in the public key ring associated with the
context, or there is no public key ring defined at all. It can be overridden in a subclass of
SSLContext. If not redefined, this method returns false, which means the certificate chain is not
verified. In that case the connection establishment is aborted.

Parameters:

chain - the SSLCert[] associated with the connection.

x509chain - the chain of X509.v3 certificates, ordered with the sender's certificate first and
the root certificate authority last.

correlator - used by the application to associate the handshake with some application defined
Object. This is the same correlator that was used on the SSLSocket constructor or the "accept"
for the SSLServerSocket, depending on whether the current role is client or server.
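The fail-closed behaviour described for handleCertificateChain, shown as an added example that is not code from this document or from the com.ibm.sslight library. It uses the standard Java JSSE X509TrustManager interface in place of SSLContext; the class name FailClosedTrustManager, its fields and the pinned SHA-256 fallback are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: FailClosedTrustManager and its fields are hypothetical names.
public class FailClosedTrustManager implements X509TrustManager {
    private final X509TrustManager store;      // plays the role of the public key ring
    private final byte[] pinnedLeafSha256;     // null means no fallback is configured
    public FailClosedTrustManager(byte[] pinnedLeafSha256) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);             // null selects the default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager");
        this.store = found;
        this.pinnedLeafSha256 = pinnedLeafSha256 == null ? null : pinnedLeafSha256.clone();
    }

    // Fallback hook, reached only when the trust store could not validate the chain.
    protected boolean handleCertificateChain(X509Certificate[] chain) throws Exception {
        if (pinnedLeafSha256 == null || chain == null || chain.length == 0) return false;
        chain[0].checkValidity();              // a pinned certificate can still expire
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
        return MessageDigest.isEqual(actual, pinnedLeafSha256);  // false aborts the handshake
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            store.checkServerTrusted(chain, authType);
        } catch (CertificateException storeFailure) {
            boolean accepted = false;          // any error in the hook counts as rejection
            try { accepted = handleCertificateChain(chain); } catch (Exception ignored) { }
            if (!accepted) throw storeFailure;
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { store.checkClientTrusted(chain, authType); }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return store.getAcceptedIssuers(); }
}
```

With no pin configured the hook returns false, so an unverifiable chain always ends the handshake, matching the default described above. An override that returns true unconditionally would accept any certificate.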



getInputStream

public java.io.InputStream getInputStream()
                                   throws java.io.IOException

Returns an input stream that reads from this open connection.
Returns:

a java.io.InputStream that reads from this open connection.
Throws:

java.io.IOException - if an I/O error occurs while creating the input stream.



getOutputStream

public java.io.OutputStream getOutputStream()
                                     throws java.io.IOException

Returns a java.net.OutputStream that writes to this connection.
Returns:

an output stream that writes to this connection.
Throws:

java.io.IOException - if an I/O error occurs while creating the output stream.



connect 

public void connect ( ) 

Method that sets up the SSL connection.



connect

public void connect(java.lang.String host,
                    int port)
             throws java.io.IOException

Method that establishes the SSL connection.
Parameters:

host - the host to request a connection from.

port - the port the requested server is listening on.
Throws:

IOException - if an error occurs while establishing the connection.



disconnect 

public void disconnect ( ) 

Close the connection to the server. 



getState 

public int getState ( ) 

Returns the current state of the connection. 
Returns: 

int the state of the connection 1 if connected, 0 otherwise. 



getHTTPHeader 

public java.lang.String getHTTPHeader()

Returns the header from the HTTP request.
Returns:

String the header stripped from the connection's java.net.InputStream.



setRequestMethod 

public void setRequestMethod(java.lang.String method)

Sets the value of the method field for the HttpsClient object to the specified value.
Parameters:

name - the new value.



setRequestProperties

public void setRequestProperties(java.lang.String properties)

Sets the value of the requestProperties field for the HttpsClient object to the specified
value.

Parameters:

name - the new value.



setKeyRingDatabase

public void setKeyRingDatabase(java.lang.String name)

Sets the value of the keyRingDatabase field for the HttpsClient object to the specified
value.

Parameters:

name - the new value.



setTimeout 

public void setTimeout (int seconds) 

Sets the value of the timeout field for the HttpsURLConnection object to the specified value. 
Parameters: 

seconds - the new value. 



setAsynConnections 

public void setAsynConnections (boolean value) 

Sets the value of the asyncConnectionSet field for the HttpsClient object to the specified 
value. 

Parameters: 

value - the new value.



setEnabledCompressionMethods

public void setEnabledCompressionMethods(java.lang.String methods)

Sets the value of the enabledCompressionMethods field for the HttpsClient object to the
specified value.

Overrides:

setEnabledCompressionMethods in class com.ibm.sslight.SSLContext
Parameters:

methods - the new value.



setEnableCipherSuites

public void setEnableCipherSuites(java.lang.String cipherSuites)

Sets the value of the enabledCipherSuites field for the HttpsURLConnection object to the
specified value.

Parameters:

cipherSuites - the new value.



com.ibm.speech.net.www.protocol.https

Class HttpsURLStreamHandlerFactory

java.lang.Object
  |
  +--com.ibm.speech.net.www.protocol.https.HttpsURLStreamHandlerFactory



public class HttpsURLStreamHandlerFactory 

extends java.lang.Object

implements java.net.URLStreamHandlerFactory

This class implements a factory interface for URL stream protocol handlers.

It is used by the URL class to create a HttpsURLStreamHandler for the https protocol.



Constructor Summary 

HttpsURLStreamHandlerFactory ( ) 



Method Summary 


java.net.URLStreamHandler createURLStreamHandler(java.lang.String protocol)

Creates a new HttpsURLStreamHandler instance with the specified https protocol.



Methods inherited from class java.lang.Object 

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, 
wait, wait 



Constructor Detail 



HttpsURLStreamHandlerFactory 

public HttpsURLStreamHandlerFactory ( ) 

Method Detail 



createURLStreamHandler

public java.net.URLStreamHandler createURLStreamHandler(java.lang.String protocol)

Creates a new HttpsURLStreamHandler instance with the specified https protocol.
Specified by:

createURLStreamHandler in interface java.net.URLStreamHandlerFactory
Parameters:

protocol - the protocol https.
Returns:

a HttpsURLStreamHandler for the specific protocol.






APPENDIX E 

Class HttpsURLStreamHandler 



6169-159 




com.ibm.speech.net.www.protocol.https

java.lang.Object
  |
  +--java.net.URLStreamHandler
        |
        +--com.ibm.speech.net.www.protocol.https.HttpsURLStreamHandler



public class HttpsURLStreamHandler 

extends java.net.URLStreamHandler 

The class HttpsURLStreamHandler provides a stream protocol handler for the https protocol by 
implementing SSL (Secure Sockets Layer) 3.0. 

In most cases, an instance of a HttpsURLStreamHandler subclass is not created directly by an 
application. Rather, the first time a protocol name is encountered when constructing a url, the 
appropriate stream protocol handler is automatically loaded. 



Constructor Summary 

HttpsURLStreamHandler()

Creates a new HttpsURLStreamHandler instance with the default debug flag.

HttpsURLStreamHandler(boolean dbg)

Creates a new HttpsURLStreamHandler instance with a specified debug flag. 



Method Summary 


java.net.URLConnection openConnection(java.net.URL u)

Opens a connection to the object referenced by the url argument.



Methods inherited from class java.net.URLStreamHandler

parseURL, setURL, toExternalForm 



Methods inherited from class java.lang.Object 

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, 
wait, wait 



Constructor Detail 



HttpsURLStreamHandler

public HttpsURLStreamHandler()

Creates a new HttpsURLStreamHandler instance with the default debug flag. 



HttpsURLStreamHandler 

public HttpsURLStreamHandler (boolean dbg) 

Creates a new HttpsURLStreamHandler instance with a specified debug flag. 
Parameters: 

dbg - the boolean value of turning the debug option ON/OFF. 



Method Detail 



openConnection 

public java.net.URLConnection openConnection(java.net.URL u)
                                      throws java.io.IOException

Opens a connection to the object referenced by the url argument. 
Overrides: 

openConnection in class java.net.URLStreamHandler 
Parameters: 

u - the URL that this connects to. 
Returns: 

a HttpsURLConnection object for the URL. 

Throws: 

java.io.IOException - if an I/O error occurs while opening the connection.